From owner-freebsd-current  Mon Mar  6  2:29:43 2000
Delivered-To: freebsd-current@freebsd.org
Received: from NOC.cs.uu.nl (magic.cs.uu.nl [131.211.80.22])
	by hub.freebsd.org (Postfix) with ESMTP id 18F1037BD09
	for <freebsd-current@FreeBSD.ORG>; Mon,  6 Mar 2000 02:29:41 -0800 (PST)
	(envelope-from edwin@cs.uu.nl)
Received: by NOC.cs.uu.nl (Postfix, from userid 164)
	id 9EF9C3E8C2; Mon,  6 Mar 2000 11:29:39 +0100 (MET)
Date: Mon, 6 Mar 2000 11:29:39 +0100
From: Edwin Kremer <edwin+freebsd-current@cs.uu.nl>
To: freebsd-current@FreeBSD.ORG
Subject: Re: openssh question
Message-ID: <20000306112939.A24401@cs.uu.nl>
References: <200003060833.AAA18027@windsor.research.att.com> <200003060920.CAA57713@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.7i
In-Reply-To: <200003060920.CAA57713@harmony.village.org>; from imp@village.org on Mon, Mar 06, 2000 at 02:20:35AM -0700
X-Organization: Department of Computer Science, Utrecht University
X-Phone: +31-30-2534104 (telefax: +31-30-2513791)
X-PGP-DSS-Key: http://horowitz.surfnet.nl:11371/pks/lookup?op=get&search=0x33E1E549
X-PGP-RSA-Key: http://horowitz.surfnet.nl:11371/pks/lookup?op=get&search=0xAD4B1845
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Mar 06, 2000 at 02:20:35AM -0700, Warner Losh wrote:

  : OpenSSH inherited this from the 1.2.12 version it started from.

On a side note: last week, Tatu Ylonen, principal author of SSH, posted a
message on the SSH mailing-list (in the thread about the new SSH2 license)
saying that:

   " OpenSSH is based on my version from back in 1995 or 1996.  The OpenSSH
   " folks have fixed many of the (security) bugs in that version, but not
   " all of them when I last checked.  Some of the problems in SSH1 are
   " very fundamental.
   " 
   " I do not recommend use of OpenSSH (or SSH1 generally, for that matter).


There hasn't been much followup on this. Anybody here who cares to
comment on this? What issues are relevant here and how bad is it?


Best regards,

-- 
Edwin H. Kremer, senior systems- and network administrator.   <edwin@cs.uu.nl>
Dept. of Computer Science,  Utrecht University, The Netherlands  [WHOIS: ehk3]
-------------------- http://www.cs.uu.nl/people/edwin/ -----------------------


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message